EP0661845A2 - System and method for message authentication in a non-malleable public-key cryptosystem - Google Patents
- Publication number
- EP0661845A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- message
- auth
- authentication
- sender
- communication device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/305—Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
Description
- The present invention generally relates to the field of encryption of messages for transmission between communication nodes. More specifically, the invention relates to a public-key method for authentication of the source of an encrypted message.
- Communication systems are often used for communicating confidential messages from a sender to a receiver. Optimally, confidentiality is maintained through physical security, i.e., by communicating a confidential message in such a way that no one other than the sender or receiver has access to the message, such as in a sealed, hand-carried package, over a cable, or by means of some other closed communication medium.
- Electronic communication media, such as the public telephone network or wireless transmission, have the advantage of speed and convenience. However, these media do not provide physical security. That is, it is possible for a message sent through these communication media to be overheard by parties from whom the content of the message is to be kept secret.
- Therefore, a great deal of attention has been given to the problem of maintaining a level of secrecy of messages which is comparable to physical security. Much of this attention has manifested itself in encryption technology. Various attributes of a cryptosystem influence how well the system maintains a message in confidence.
- In particular, a cryptosystem should not be malleable. The property of malleability is discussed in connection with cryptosystems in Dolev, Dwork, and Naor, "Non-Malleable Cryptography," ACM 089791-397-3/91/004/0542, pp. 542-52 (1991). To be non-malleable, a cryptosystem has two attributes. First, the cryptosystem is semantically secure. That is, if any given information about the plaintext is computable from the ciphertext, then that given information is computable without the ciphertext. Second, given a first ciphertext, it is impossible, or computationally infeasible, to generate a second ciphertext such that the plaintexts corresponding with the first and second ciphertexts are related.
- The disadvantage of malleability is illustrated as follows: When a set of related messages are encrypted using an algebraic cryptosystem, the resultant encrypted messages sometimes have a corresponding (not necessarily identical) relationship. For instance, if a set of messages have close numerical values in an ascending numerical series, some malleable encryption keys encrypt the messages into a set of encrypted messages which also have close values in an ascending series. While the message may still be difficult to decrypt, an eavesdropper can still make illicit use of the encrypted message.
- For example, consider a contract bidding scenario. Suppose that a municipality has voted to construct a new school, has chosen a design, and advertises that construction companies are invited to bid for the contract by submitting bids encrypted using a malleable public key E. Company A encrypts a bid of $1,500,000 using E, and sends the bid over an insecure line. Company B receives the bid, but cannot decrypt the bid because it does not have the municipality's private decrypting key.
- However, given the encrypted Company A bid, Company B may be able to produce a message of its own which, when decrypted using the municipality's decrypting key, results in a bid lower than that of Company A. The cryptosystem is malleable if, given the encrypted bid from Company A, Company B has a likelihood of producing such a message which is greater than its likelihood of doing so would be if Company B did not have the encrypted Company A bid. Company B can thus slightly underbid Company A and win the contract, without necessarily knowing what Company A's bid was, or even what its own decrypted bid will be. Clearly, Company A's interests are served by employing a non-malleable cryptosystem, so that Company B is prevented from generating a bid in this fashion.
- This scenario illustrates the difference between physical security, in which Company B has no access even to Company A's encrypted bid, and secrecy, produced by encrypting messages. In some contexts, such as this scenario, mere secrecy through the use of a malleable cryptosystem is not a satisfactory substitute for physical security.
- A particular area in which secrecy desirably should match physical security is the area of authentication of the source of an encrypted message. Desirably, an authentication scheme should have two attributes. First, the scheme should be secure against attack from an interloper. That is, an interloper should not be able to send a disinformation message to a recipient and authenticate the disinformation message as being a valid message sent from a legitimate sender. If no reliable message authentication scheme is in place, then a message received by a recipient R and bearing the source address of a sender S could in fact have been sent by an interloper B. Thus, B could send disinformation about S to R.
- The second desirable attribute of an authentication scheme is that it should be possible for the recipient R to convince a third party C that the message was in fact sent from the sender S, and not from an imposter B.
- An example of a scenario in which authentication is desirable is a scenario called the "chessmaster attack," or "mafia scam." The name is derived from a chess scenario in which a player simultaneously plays white against one grandmaster and black against another. The player effectively plays the two grandmasters against each other by duplicating the moves made by each grandmaster against the other.
- The chessmaster attack is illustrated in a scenario called "Identification: Friend or Foe", or IFF. In one possible IFF scenario, a friendly aircraft F and a friendly ground site Gf communicate, and an enemy aircraft N, with the cooperation of an enemy ground site Gn, seeks to communicate disinformation to the friendly aircraft and ground site by impersonating them.
- A conventional attempt to establish secure communications is to give the friendly aircraft some secret information s, known only to the friendly ground site. The friendly ground site selects one of a large number of challenges q, and sends q to the friendly aircraft. The friendly aircraft responds with a function F of s and q which is computationally infeasible to calculate without s. Of course, the enemy aircraft may also receive the function. If, later, the friendly ground station challenges the enemy aircraft with a different challenge q', then the required response, a function of s and q', cannot easily be produced, given only q and F(s,q).
- However, in a malleable cryptosystem, this communication protocol is subject to attack, using a mafia scam technique. Consider the following sequence of messages, in which the expression following the colon is the message (i.e., a challenge or a response) sent from the first party to the second party:
Gf → N: q
N → Gn: q
Gn → F: q
- In this sequence, an enemy plane and ground site, working together, interpose themselves between the friendly ground site and the friendly aircraft, in the manner of a mafia scam. In the fourth step, the friendly aircraft F provides the enemy ground site with the encrypted response f(s,q). Then, in the sixth step, the enemy aircraft sends the encrypted response to the friendly ground site, thereby responding correctly to the challenge from the friendly ground site.
- It is possible for the friendly ground site to defeat the enemy's copying by including some special locater information, such as the location of the friendly plane and a time stamp, in the challenge, designated q'. As a result, the enemy plane would need to transmit f(s, q') rather than f(s,q), so mere copying would be insufficient to attack the friendly communication system.
- However, the two challenges q and q' are the same, except for the location and the time stamp. In a malleable cryptosystem, f(s,q) and f(s,q') are likely to be similar. Thus, given q, q', and f(s,q), it may be possible for the enemy to obtain f(s,q') and defeat the friendly cryptosystem.
- Accordingly, there is a need for a cryptosystem which facilitates the authentication of secret messages, which is not malleable, and therefore not vulnerable to the sort of attacks described above.
- Therefore, it is an object of the invention to provide a method and system for authenticating messages which is non-malleable.
- To achieve these and other objectives, there is provided in accordance with the invention a method and system in which a public key cryptosystem, employing non-malleable public and private keys, is used for message authentication. A message authentication protocol is employed which, used with the non-malleable public key cryptosystem, provides authentication which is secure from tampering from an eavesdropper/imposter.
- The protocol includes the following: In response to a first message received by a recipient and apparently sent by a sender, the responder sends an authentication string which is encrypted with the apparent sender's public key. The sender, who actually did send the first message, uses its private decryption key to decrypt the authentication string. The sender then sends an authentication message which is a function of the first message and the authentication string.
- The above protocol provides authentication of the sender's identity to the recipient because only the sender is able to decrypt the string, which was encrypted using the sender's public key. Moreover, in accordance with the invention, the above protocol is reliable because, since the public key cryptosystem used is non-malleable, no eavesdropper/imposter could have generated the authentication message from the encrypted authentication string.
- While the invention is primarily disclosed as a method, it will be understood by a person of ordinary skill in the art that an apparatus, such as a conventional data processor, including a CPU, memory, I/O, program storage, a connecting bus, and other appropriate components, could be programmed or otherwise designed to facilitate the practice of the method of the invention. Such a processor would include appropriate program means for executing the method of the invention.
- FIG. 1 is a system block diagram showing two communication devices, S and R, and an interloper B.
- FIG. 2 is a flowchart showing an exchange of messages for an authentication sequence according to the method of the invention.
- FIG. 3 is a flowchart showing an exchange of messages for an authentication sequence between a sender and a recipient, in which a third party attempts to authenticate a message which did not originate from the sender.
- The following discussion is applicable to any communication system in which a sender sends a message to a recipient, in which the origin of the message is to be authenticated, and in which an interloper, attempting to send the recipient a disinformation message purportedly from the sender, is to be prevented from doing so. The precise nature of the communication medium and of the sender, recipient, and interloper are not essential to the invention. FIG. 1 is a block diagram representation which schematically shows such a system, including a sender S, a recipient R, and an interloper B.
- The technique for message authentication according to the invention includes the use of a public key cryptosystem. A public key cryptosystem was first presented in Diffie and Hellman, "New Directions in Cryptography," I.E.E.E. Transactions on Information Theory, Vol. IT-22, No. 6, pp. 644-54 (Nov. 1976).
- In a public-key cryptosystem operable by a plurality of communication nodes, for each node A, there is a public encryption key Ea which is known to all of the other nodes. Each public encryption key Ea describes a procedure for encrypting messages to be sent to the respective node A. For each public encryption key, there is a corresponding private decrypting key known only to the respective node, and which cannot be deduced, given the public encryption key. Therefore, if a message is encoded using the public encryption key Ea then, although any other node can receive the encrypted message, only the node A can decrypt it. Even the sending node cannot decrypt the message, once it has been encrypted.
- Public-key cryptosystems first proposed in Diffie et al. are based on the difficulty of computing logarithms mod q, where q is a prime number of elements making up a field. For a quantity representable as a b bit number, where q is a prime number slightly less than 2^b, encryption or decryption using keys as described in Diffie et al. requires exponentiation that takes at most 2b multiplications mod q. However, decrypting a ciphertext without the key requires taking logarithms with 2^(b/2) operations. Thus, cryptanalysis requires a computational effort which grows exponentially, relative to legitimate encryption or decryption by parties who know the respective keys.
- However, because of the dependence on modulo arithmetic, ciphertexts corresponding with ascending plaintexts are piecewise ascending. Thus, the conventional Diffie et al. public key cryptography is malleable, and subject to the attacks described above. In accordance with the invention, this drawback is overcome through the use of a non-malleable cryptosystem. While any non-malleable cryptosystem may be employed in accordance with the invention, a preferred non-malleable cryptosystem is that given in Section 4 of Dolev et al., "Non-Malleable Cryptography," cited in the Background. This document is herein incorporated by reference.
- Diffie et al. discusses the problem of authentication, and suggests a one-way authentication system in which a sender "deciphers" the message to be sent, using the sender's private key. The recipient then uses the sender's public key to "encrypt" the "decrypted" message to recover the message itself. Since only the sender could have used the sender's private key, recovering the message using the sender's public key is proof that the sender sent the message.
- Given a suitable non-malleable cryptosystem, the method of the invention works as set forth in the flowchart of FIG. 2. The steps of FIG. 2 show communication traffic between a sender S and a recipient R. The objective is to authenticate a data message m, which is to be sent from S to R.
- In a first step 2, the sender S sends an authorization request message which indicates that S desires to authenticate the data message m. The authorization request message may include the data message m itself, or may be a command message in accordance with a suitable command format or protocol in use with the communication system supporting the sender S and the receiver R. In this latter case, it is assumed that the data message m itself is sent separately. In effect, the authorization request message is a statement, "I am S, and I wish to authenticate a data message m which I am sending to you."
- In step 4, the receiver R responds by sending a response message, preferably a random string st, encrypted using the sender's public key Es. The string st is preferably chosen at random, or may be based on some predetermined formula. For instance, the string st might be related to a date or time stamp.
- Finally, in step 6, the sender S sends the recipient R an authorization message, from which the recipient R is able to establish that the identity of the sender of the data message m is, in fact, the sender S. In a preferred embodiment of the invention, the authorization message is in the form Auth(m,st), where Auth is a function mutually agreed upon between the sender S and the receiver R. Auth is preferably an easily computed function which takes as arguments a message, such as the message m to be authenticated, and a string, such as st. Auth produces an output, preferably in the form of a short string. It is that output, or short string, which is actually sent from the sender S to the recipient R. For any two strings st and st', the probability that Auth(m,st) equals Auth(m,st') should be low.
- Additionally, it is preferable that, given m, st, and the output or short string, the recipient R can easily verify that Auth(m,st) equals the output sent from S to R as the authorization message. Thus, when R verifies that the authorization message it received matches the Auth function of the data message m, which R has already received, and st, the string which R sent to S, R thereby verifies that the identity of the sender of the data message m is in fact S.
- It is preferable, though not essential to the invention, that the recipient R's public key be used by the sender S to encrypt the authorization request message (assuming that the encrypted data message m was sent separately), and the authorization message Auth(m,st).
- To foil an attempt by an imposter B to impersonate the sender S, the public encryption key Es must be non-malleable. Otherwise, this authorization sequence would be subject to attack, for instance from the mafia scam. Such a scam would work as shown in the flowchart of FIG. 3.
- Assume that S is to send a data message m to R, and that the imposter B wants to send a disinformation message m' to R in place of S's message m, and to authenticate m' as having come from S. The disinformation message m' has some relationship to the data message m, i.e., m' = f(m). Because, for the purpose of this illustration, the sender S's public key Es is malleable, it is reasonably easy for B to calculate an Es(st), given Es(st'), m, and m', such that there is a relationship between st and st'.
- The mafia scam exchange goes as shown in FIG. 3. In step 8, the sender S sends an authentication request, directed to the recipient R, to authenticate a data message m. The request is intercepted by B. In step 10, B sends R an authentication request, identifying itself as S, and requesting authentication of a disinformation message m', which has a given relationship to m.
- R responds to B's request, in step 12, by sending a string st', encrypted using S's public key. B cannot decrypt the encrypted string. If, in accordance with the invention, S's public key is non-malleable (step 13), B's attempt to authenticate m' does not get beyond this point. B's attempt is frustrated, and the method of the invention has successfully maintained communication security (step 14).
- However, if S's public key is malleable, B can manipulate Es(st') to produce an encrypted message Es(st), where Auth(m',st') = g(Auth(m,st)), for some easily computable function g. In step 14, B sends Es(st) to S.
- S then attempts to complete the authorization by sending Auth(m,st) in step 16. B again intercepts this message, applies the function g to it to produce Auth(m',st'), and, in step 18, sends the latter to R. R then believes that S has authenticated the disinformation message m', and B has succeeded in its mafia scam.
- However, the success of the mafia scam depends on the malleability of S's public key Es. If, in accordance with the invention, the public key is not malleable, B is unable to generate Es(st) from Es(st'), and the mafia scam fails. Thus, the invention advantageously protects this authentication sequence from attack.
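The following added example is not part of the patent text. It contrasts a malleable key with a tamper-rejecting one for the bidding scenario, then runs the FIG. 2 exchange, including the step 13 outcome where a modified Es(st) gets no further. Assumptions: unpadded RSA stands in for the malleable key, RSA with OAEP-style padding stands in for a non-malleable Es (it is not the Dolev et al. construction the patent prefers), Auth is taken to be HMAC-SHA256 keyed with st, and the key, function names and sample values are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Toy key pair for S, constructed for this demo from two Mersenne primes so no
# prime-generation code is needed. Never build a real key this way.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # S's private exponent
K = (N.bit_length() + 7) // 8        # modulus length in bytes
H = hashlib.sha256().digest_size
LHASH = hashlib.sha256(b"").digest()


def textbook_encrypt(x: int) -> int:
    """Unpadded RSA: E(a) * E(b) = E(a * b) mod N, so it is malleable."""
    return pow(x, E, N)


def textbook_decrypt(c: int) -> int:
    return pow(c, D, N)


def scale_ciphertext(c: int, num: int, den: int) -> int:
    """Public-key-only transform: the hidden plaintext becomes x * num / den."""
    return c * pow(num * pow(den, -1, N), E, N) % N


def _mgf1(seed: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encrypt(msg: bytes) -> int:
    """RSA with OAEP-style padding (SHA-256, empty label)."""
    if len(msg) > K - 2 * H - 2:
        raise ValueError("message too long")
    db = LHASH + b"\x00" * (K - 2 * H - 2 - len(msg)) + b"\x01" + msg
    seed = secrets.token_bytes(H)
    masked_db = _xor(db, _mgf1(seed, K - H - 1))
    masked_seed = _xor(seed, _mgf1(masked_db, H))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), E, N)


def oaep_decrypt(c: int):
    """Return the plaintext, or None when the padding check fails."""
    em = pow(c, D, N).to_bytes(K, "big")
    masked_seed, masked_db = em[1:1 + H], em[1 + H:]
    seed = _xor(masked_seed, _mgf1(masked_db, H))
    db = _xor(masked_db, _mgf1(seed, K - H - 1))
    body = db[H:].lstrip(b"\x00")
    if em[0] != 0 or db[:H] != LHASH or body[:1] != b"\x01":
        return None
    return body[1:]


def auth(m: bytes, st: bytes) -> bytes:
    """Assumed Auth(m, st); the patent leaves the function open."""
    return hmac.new(st, m, hashlib.sha256).digest()


def r_challenge():
    """Step 4: R keeps st and sends Es(st)."""
    st = secrets.token_bytes(16)
    return st, oaep_encrypt(st)


def s_respond(m: bytes, challenge: int):
    """Step 6: S decrypts the challenge; a tampered one yields no response."""
    st = oaep_decrypt(challenge)
    return None if st is None else auth(m, st)


def r_verify(m: bytes, st: bytes, response) -> bool:
    """R recomputes Auth(m, st) and compares in constant time."""
    return response is not None and hmac.compare_digest(response, auth(m, st))


if __name__ == "__main__":
    bid = 1_500_000
    related = scale_ciphertext(textbook_encrypt(bid), 99, 100)
    print("unpadded key, transformed bid decrypts to:", textbook_decrypt(related))
    sealed = oaep_encrypt(bid.to_bytes(4, "big"))
    print("padded key, transformed bid decrypts to:",
          oaep_decrypt(scale_ciphertext(sealed, 99, 100)))
    st, challenge = r_challenge()
    print("FIG. 2 exchange verifies:",
          r_verify(b"data message m", st, s_respond(b"data message m", challenge)))
```
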
Claims (6)
- A non-malleable public-key encryption method for authentication of a data message (m) sent from a first communication device S to a second communication device R, the method comprising the steps of:
sending (2) by the first communication device S to the second communication device R, an authentication request message;
responding (4) by the second communication device R to an authentication request message which was apparently sent by the first communication device S, said first device apparently having sent the data message, the step of responding including sending a response message (st) encrypted with said first device's non-malleable public encryption key (Es);
decrypting, by said first device S, using its non-malleable public encryption key (Es), said encrypted response message Es(st) to obtain the response message (st);
generating, by said first device S, an authentication message (Auth(m,st)) which is a function of the data message (m) and the response message (st);
sending (6), by said first device S, the generated authentication message (Auth(m,st));
verifying, by said second device R, that the received authentication message (Auth(m,st)) matches the authentication message (Auth(m,st)).
- A method as claimed in claim 1, wherein the response message (st) is a random string.
- A method as claimed in any preceding claim wherein the function (Auth) used in said generating step is such that the probability is low that for any two different string arguments, the function (Auth) produces the same output.
- A non-malleable public-key encryption communication system for authentication of a data message (m) sent from a first communication device S to a second communication device R, the system comprising:
a first communication device S; and
a second communication device R;
the first communication device S comprising:
means for sending (2) to the second communication device R, an authentication request message;
means for decrypting, using its non-malleable public encryption key (Es), said encrypted response message Es(st) to obtain the response message (st);
means for generating, an authentication message (Auth(m,st)) which is a function of the data message (m) and the response message (st); and
means for sending (6), the generated authentication message (Auth(m,st));
the second communication device R comprising:
means for responding (4) to an authentication request message which was apparently sent by the first communication device S, said first device apparently having sent the data message, the means for responding including means for sending a response message (st) encrypted with said first device's non-malleable public encryption key (Es);
means for verifying, that the received authentication message (Auth(m,st)) matches the authentication message (Auth(m,st)).
- A system as claimed in claim 4, wherein the response message (st) is a random string.
- A system as claimed in any preceding claim wherein the function (Auth) used in said means for generating is such that the probability is low that for any two different string arguments, the function (Auth) produces the same output.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/175,024 US5539826A (en) | 1993-12-29 | 1993-12-29 | Method for message authentication from non-malleable crypto systems |
US175024 | 1993-12-29 |
Publications (3)
Publication Number | Publication Date |
---|---|
EP0661845A2 | 1995-07-05 |
EP0661845A3 | 2000-03-01 |
EP0661845B1 | 2002-09-25 |
Family
ID=22638519
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP94309658A Expired - Lifetime EP0661845B1 (en) | 1993-12-29 | 1994-12-21 | System and method for message authentication in a non-malleable public-key cryptosystem |
Country Status (4)
Country | Link |
---|---|
US (1) | US5539826A (en) |
EP (1) | EP0661845B1 (en) |
JP (1) | JP3504988B2 (en) |
DE (1) | DE69431426T2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100383695C (en) * | 2005-05-11 | 2008-04-23 | 联想(北京)有限公司 | Safety turn-on method in visual range |
US7373507B2 (en) | 2000-08-10 | 2008-05-13 | Plethora Technology, Inc. | System and method for establishing secure communication |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6085321A (en) * | 1998-08-14 | 2000-07-04 | Omnipoint Corporation | Unique digital signature |
US6615348B1 (en) | 1999-04-16 | 2003-09-02 | Intel Corporation | Method and apparatus for an adapted digital signature |
US6356935B1 (en) | 1998-08-14 | 2002-03-12 | Xircom Wireless, Inc. | Apparatus and method for an authenticated electronic userid |
US6507656B1 (en) * | 1999-01-27 | 2003-01-14 | Lucent Technologies Inc. | Non malleable encryption apparatus and method |
JP4434465B2 (en) * | 1999-11-16 | 2010-03-17 | キヤノン株式会社 | Communication apparatus and method, and storage medium |
FI112418B (en) * | 2000-02-01 | 2003-11-28 | Nokia Corp | Method for checking data integrity, system and mobile |
US20040186996A1 (en) * | 2000-03-29 | 2004-09-23 | Gibbs Benjamin K. | Unique digital signature |
US6732101B1 (en) * | 2000-06-15 | 2004-05-04 | Zix Corporation | Secure message forwarding system detecting user's preferences including security preferences |
US8972717B2 (en) | 2000-06-15 | 2015-03-03 | Zixcorp Systems, Inc. | Automatic delivery selection for electronic content |
US20020046350A1 (en) * | 2000-09-14 | 2002-04-18 | Lordemann David A. | Method and system for establishing an audit trail to protect objects distributed over a network |
US7353204B2 (en) * | 2001-04-03 | 2008-04-01 | Zix Corporation | Certified transmission system |
DE10118267A1 (en) * | 2001-04-12 | 2002-10-24 | Bosch Gmbh Robert | Method for authorizing a user accessing a software based system using an unsecured access medium has a two stage encryption process that ensures users are authorized before the system can be accessed |
US7421411B2 (en) * | 2001-07-06 | 2008-09-02 | Nokia Corporation | Digital rights management in a mobile communications environment |
US6941477B2 (en) * | 2001-07-11 | 2005-09-06 | O'keefe Kevin | Trusted content server |
US20030051172A1 (en) * | 2001-09-13 | 2003-03-13 | Lordemann David A. | Method and system for protecting digital objects distributed over a network |
DE60303018T2 (en) * | 2002-03-13 | 2006-08-24 | Koninklijke Philips Electronics N.V. | Polynomial multi-user key generation and authentication method and system |
AU2003245574A1 (en) * | 2002-06-21 | 2004-01-06 | Probix, Inc. | Method and system for protecting digital objects distributed over a network using an electronic mail interface |
US20040086121A1 (en) * | 2002-10-31 | 2004-05-06 | Sensis Corporation | Secure automatic dependant surveillance |
JP2004171416A (en) * | 2002-11-21 | 2004-06-17 | Ntt Docomo Inc | Communication terminal, value substance providing server, application distribution server, electronic purchase support system, electronic purchase support method and electronic purchase support program |
US7730307B2 (en) * | 2006-04-07 | 2010-06-01 | Sensis Corporation | Secure ADS-B authentication system and method |
US11361174B1 (en) * | 2011-01-17 | 2022-06-14 | Impinj, Inc. | Enhanced RFID tag authentication |
US9525668B2 (en) * | 2014-06-27 | 2016-12-20 | Intel Corporation | Face based secure messaging |
EP3192000A4 (en) | 2014-09-08 | 2018-07-11 | Uri Jacob Braun | System and method of controllably disclosing sensitive data |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0522473A2 (en) * | 1991-07-08 | 1993-01-13 | Mitsubishi Denki Kabushiki Kaisha | Cryptographic identity verification method and apparatus |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4723284A (en) * | 1983-02-14 | 1988-02-02 | Prime Computer, Inc. | Authentication system |
US4853961A (en) * | 1987-12-18 | 1989-08-01 | Pitney Bowes Inc. | Reliable document authentication system |
CA1321649C (en) * | 1988-05-19 | 1993-08-24 | Jeffrey R. Austin | Method and system for authentication |
US5144662A (en) * | 1989-02-08 | 1992-09-01 | U.S. Philips Corporation | Public communication system comprising distributed stations, and station and sub-station for use in such a communication system |
JP2606419B2 (en) * | 1989-08-07 | 1997-05-07 | 松下電器産業株式会社 | Cryptographic communication system and cryptographic communication method |
JPH03214834A (en) * | 1990-01-19 | 1991-09-20 | Canon Inc | Multi-medium network system |
US5148485A (en) * | 1990-07-20 | 1992-09-15 | Ericsson Ge Mobile Communications Holding, Inc. | Encrypton system for digital cellular communications |
US5073935A (en) * | 1990-12-17 | 1991-12-17 | Jose Pastor | Method for secure communication |
US5144667A (en) * | 1990-12-20 | 1992-09-01 | Delco Electronics Corporation | Method of secure remote access |
US5142579A (en) * | 1991-01-29 | 1992-08-25 | Anderson Walter M | Public key cryptographic system and method |
US5142578A (en) * | 1991-08-22 | 1992-08-25 | International Business Machines Corporation | Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors |
US5164988A (en) * | 1991-10-31 | 1992-11-17 | International Business Machines Corporation | Method to establish and enforce a network cryptographic security policy in a public key cryptosystem |
1993
- 1993-12-29 US US08/175,024 patent/US5539826A/en not_active Expired - Lifetime

1994
- 1994-11-18 JP JP28469794A patent/JP3504988B2/en not_active Expired - Fee Related
- 1994-12-21 EP EP94309658A patent/EP0661845B1/en not_active Expired - Lifetime
- 1994-12-21 DE DE69431426T patent/DE69431426T2/en not_active Expired - Lifetime
Non-Patent Citations (2)
Title |
---|
"Non-Malleable Cryptography", Dolev, Dwork, and Naor, ACM 089791-397-3/91/004/0542, pp. 542-552 (1991), XP001017906, IBM Research Division Almaden Research Center * |
SIMMONS G J: "A PROTOCOL TO PROVIDE VERIFIABLE PROOF OF IDENTITY AND UNFORGEABLE TRANSACTION RECEIPTS" IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS,US,IEEE INC. NEW YORK, vol. 7, no. 4, page 435-447 XP000007982 ISSN: 0733-8716 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7373507B2 (en) | 2000-08-10 | 2008-05-13 | Plethora Technology, Inc. | System and method for establishing secure communication |
CN100383695C (en) * | 2005-05-11 | 2008-04-23 | 联想(北京)有限公司 | Safety turn-on method in visual range |
Also Published As
Publication number | Publication date |
---|---|
JPH07212357A (en) | 1995-08-11 |
US5539826A (en) | 1996-07-23 |
EP0661845B1 (en) | 2002-09-25 |
DE69431426T2 (en) | 2003-05-28 |
EP0661845A3 (en) | 2000-03-01 |
DE69431426D1 (en) | 2002-10-31 |
JP3504988B2 (en) | 2004-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0661845B1 (en) | System and method for message authentication in a non-malleable public-key cryptosystem | |
CN101238677B (en) | Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved safety | |
MacKenzie et al. | Networked cryptographic devices resilient to capture | |
US5737419A (en) | Computer system for securing communications using split private key asymmetric cryptography | |
US6535980B1 (en) | Keyless encryption of messages using challenge response | |
US7688975B2 (en) | Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure | |
JP4384728B2 (en) | Key agreement and transport protocols using intrinsic signatures | |
US5535276A (en) | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography | |
Tsai et al. | Novel anonymous authentication scheme using smart cards | |
US5440635A (en) | Cryptographic protocol for remote authentication | |
US8930704B2 (en) | Digital signature method and system | |
US6826686B1 (en) | Method and apparatus for secure password transmission and password changes | |
US9118661B1 (en) | Methods and apparatus for authenticating a user using multi-server one-time passcode verification | |
US20120023336A1 (en) | System and method for designing secure client-server communication protocols based on certificateless public key infrastructure | |
Peyravian et al. | Secure remote user access over insecure networks | |
EP2945347B1 (en) | Methods and devices for securing keys when key-management processes are subverted by an adversary | |
US7971234B1 (en) | Method and apparatus for offline cryptographic key establishment | |
CA2819211A1 (en) | Data encryption | |
US20060053288A1 (en) | Interface method and device for the on-line exchange of content data in a secure manner | |
JPH0969831A (en) | Cipher communication system | |
CN106230840A (en) | A kind of command identifying method of high security | |
CN110324357A (en) | Data transmission method for uplink and device, data receiver method and device | |
Yang et al. | Security enhancement for protecting password transmission | |
Hwang | Scheme for secure digital mobile communications based on symmetric key cryptography | |
CN112333701A (en) | Cross-domain authentication method based on identity in large-scale Internet of things scene |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): DE FR GB |
17P | Request for examination filed | Effective date: 19951024 |
PUAL | Search report despatched | Free format text: ORIGINAL CODE: 0009013 |
AK | Designated contracting states | Kind code of ref document: A3 Designated state(s): DE FR GB |
RIC1 | Information provided on ipc code assigned before grant | Free format text: 7H 04L 9/32 A, 7H 04L 9/30 B |
17Q | First examination report despatched | Effective date: 20010420 |
GRAG | Despatch of communication of intention to grant | Free format text: ORIGINAL CODE: EPIDOS AGRA |
GRAG | Despatch of communication of intention to grant | Free format text: ORIGINAL CODE: EPIDOS AGRA |
GRAH | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOS IGRA |
GRAH | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOS IGRA |
GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): DE FR GB |
REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D |
REF | Corresponds to: | Ref document number: 69431426 Country of ref document: DE Date of ref document: 20021031 |
ET | Fr: translation filed | |
PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
26N | No opposition filed | Effective date: 20030626 |
REG | Reference to a national code | Ref country code: GB Ref legal event code: 746 Effective date: 20071113 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: FR Payment date: 20101221 Year of fee payment: 17 |
REG | Reference to a national code | Ref country code: FR Ref legal event code: ST Effective date: 20120831 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20120102 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: GB Payment date: 20131210 Year of fee payment: 20 Ref country code: DE Payment date: 20131223 Year of fee payment: 20 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R071 Ref document number: 69431426 Country of ref document: DE |
REG | Reference to a national code | Ref country code: GB Ref legal event code: PE20 Expiry date: 20141220 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GB Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION Effective date: 20141220 |